1. Field
The present invention relates to a resource protection program, a resource protection apparatus, and a resource protection method for protecting resources to be processed on a computer. Particularly, the present invention relates to a resource protection program, a resource protection apparatus, and a resource protection method for protecting resources from unauthorized access, such as access by malware.
2. Description of the Related Art
There is a need to protect resources to be processed on a computer from unauthorized access, such as access by malware.
One conceivable approach is to restrict all operations, such as copying to media, without exception in order to ensure security. However, this could impair user convenience.
For example, even if copying to media is a necessary business process, information protection software often prohibits all copy operations without exception.
The context at the time a computer is operated can also be taken into account to control access dynamically. However, it is difficult in many respects to identify and control access to a resource according to the history leading up to the operation or the external state of an application.
For example, confidential information can be protected by using data or metadata in the file to be processed as the information on which a decision is made. However, it is hard to control access flexibly based on a history of operations or the course of processes.
There has been no means for protecting, from unauthorized access, a resource that exists as data in the memory of a computer before being saved to a file.
For example, it is anticipated that data in the memory could be stolen by malware immediately before being saved to a file, but there has been no method of protecting data from such a threat.
The inventors have worked out a technique that, when controlling access to any resource, references the history of state transitions leading up to the operation and multiple external states, and controls the access to the resource based on a finite automaton extended to include multiple firing conditions that vary dynamically according to the history of state transitions and the external states.
For example, even when transitions are made from the same state to the same next state, the transitions may go through different edges depending on the firing conditions. Therefore, the inventors have thought of reflecting each history of state transitions in a policy for controlling subsequent accesses.
For example, the inventors have thought of using, as a firing condition for a state transition, not only a simple event but also the state of another system referenced externally at that time, and of reflecting the reference result in the firing condition so that a different action is executed for each firing condition.
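The following sketch is an added illustration and is not code from the patent. It shows a small automaton in which two edges join the same pair of states, and in which a later copy-to-media request is decided from the recorded edge history and from an externally referenced state. The state, event and edge names and the `doc_label` and `workflow` keys are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable

# Added illustration; all state, event, edge and key names are hypothetical.
@dataclass(frozen=True)
class Edge:
    name: str
    src: str
    event: str
    dst: str
    fires: Callable[[list, dict], bool]  # (edge history, external states) -> bool
    action: str                          # action executed when this edge fires

class PolicyAutomaton:
    def __init__(self, start, edges):
        self.state, self.edges, self.history = start, edges, []

    def handle(self, event, external):
        """Fire the first matching edge; with no match, deny and stay put."""
        for e in self.edges:
            if (e.src, e.event) == (self.state, event) and e.fires(self.history, external):
                self.history.append(e.name)  # history feeds later firing conditions
                self.state = e.dst
                return e.action
        return "deny"

def build_policy():
    conf = lambda x: x.get("doc_label") == "confidential"
    return PolicyAutomaton("idle", [
        # Two edges between the same states; which one fires is recorded.
        Edge("open_plain", "idle", "open", "editing", lambda h, x: not conf(x), "allow"),
        Edge("open_conf", "idle", "open", "editing", lambda h, x: conf(x), "allow"),
        # Copy is unrestricted unless a confidential file was opened earlier.
        Edge("copy_plain", "editing", "copy_to_media", "editing",
             lambda h, x: "open_conf" not in h, "allow"),
        # Otherwise the state of another system (an approval workflow) decides.
        Edge("copy_approved", "editing", "copy_to_media", "editing",
             lambda h, x: "open_conf" in h and x.get("workflow") == "approved", "allow"),
    ])

def run(steps):
    """Apply (event, external_states) pairs to a fresh automaton."""
    fsm = build_policy()
    return [fsm.handle(event, external) for event, external in steps]

if __name__ == "__main__":
    # Constructed sample session: confidential file, approval arrives late.
    print(run([("open", {"doc_label": "confidential"}),
               ("copy_to_media", {"workflow": "pending"}),
               ("copy_to_media", {"workflow": "approved"})]))
```

The identical `copy_to_media` event in the identical `editing` state yields different actions depending on which `open` edge was taken earlier and on the external approval state, so copying is not prohibited without exception.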